ZICS : A *NEW* Way to Store User Password

This is an article on ZICS : A *NEW* Way to Store User Password in Web Design, HTML And CSS Tutorials.

This is just a quick Guide for the my new script : ZICS [ZONTEK's Interactive Combination System]. Pretty crazy, yup but this would be a nice feature to added to your site to catch up the users eyes. To tell the truth the idea is not original but I have rarely seen this implement within websites. So here what it is.

This script provides a simple grid where the user will be drawing or connecting dots and making a pattern of his wish. And then THIS WILL BE HIS PASSWORD. What actually given out by this is an array with 1's for the dots enabled and 0's for the dots disabled. hence the password given out is pretty long and it will be a another security advantage that once it is hashed it would be a hell lot to crack.

Usage

There's only few steps to use the thing, first let's extract the file content to the folder login. You will have several files from that DELETE the index.php and demo.png [They are for testing]. Now let's make our own index.php. Add a link to the zicomb.css style on the header and a link to the JQUERY script of google's. This is really important as the script uses many jQuery functions. Now at last before the </body> tag add a link to the zicomb.js script. This is how it looks like.

It's almost over but we just need to specify where to add the Combination Selector. For that we can place a div with id="pwd" anywhere in the script. And the script will add a hidden field with name pass which will later hold the input of the user. So we do better use the div inside a form so we can submit the password like we submit it with a usual boring text box

ah i phrased it wrong
i wanted to say others were not interested in making a web based plugin or implementing this for web pages
as i couldnt find any other made ones like this [may be i used the wrong keyowrds to search ]

edit:
setSize() method is not working [as i have porrly implemented it :S]
anyway to increase the no. of sqare, you can edit the zicomb.js, the first 2 lines are the rows and columns
would fix this in the next release

I think your passwords would be easy to crack. One they appear to be set to a max length of 25 characters. Add on the fact that it only allows two digits 0 and 1, this makes it super easy to crack. A program in C could crack in in no time, one in php could do it in a few minutes. Its to limited with just 2 digits and a max set of 25. If they input the correct sequence the MD5 hash doesn't matter because the password would match the hash stored in the database for that user.

The function below if ran through a cron could crack your password easy and fast. Each number takes about 0.0016 s to run so in a minute or so I could crack one password.

there are several factors here
one is that the password generated here is equivalent to a 6 lower-upper-alpha-numeric text password [confirmed by several of the field] and to be true i am not good with permutatiaons or combinations theorie but im sure this will have the same complexity as of a 6 char password
this is for 5x5 grid
and there's no limit for the extendibility of the grid, although it would not be very nice to have a very big one

in the above code, i'm sure you will have more time with md5 implemented, but anyway if you got a super computer or stuff you can easily crack any hash, just like any other password, this too has weakness

[how ever many suggested of having some algorithms to convert the binary data to another form though some mathematical translation, i would try making one in next releases ]

and on the other hand, who on the hell there days would not prevent from their DB's leeching or getting injected?

hey everyone, i managed to put up something temporary for security
but this could be used long term as well
but this is server side
it's simply adding up a number defined by the script
anynumber the user like
use the following function

i think its a gr8 idea of a desktop application , this idea is very creative for the generation of web application , and it can be improved with type of algorithm , i highly recommend this new of creation of type of password generators ,proud of you , keep it up